X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/6d9b05ae272ca2122b48451c317d601e449af932..7bb5bc2c6592e062bf0b514cc71afd2d93e2e0dd:/doc/doc-txt/ChangeLog

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 625c6d426..eb8c3588e 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -179,7 +179,22 @@ JH/34 Bug 3013: Fix use of $recipients within arguments for ${run...}.
 JH/35 Bug 3014: GnuTLS: fix expiry date for an auto-generated server
       certificate.  Find and fix by Andreas Metzler.
 
-JH/36 Add ARC info to DMARC hostory recordsl
+JH/36 Add ARC info to DMARC hostory records.
+
+JH/37 Bug 3016: Avoid sending DSN when message was accepted under fakereject
+      or fakedefer.  Previously the sender could discover that the message
+      had in fact been accepted.
+
+JH/38 Taint-track intermediate values from the peer in multi-stage authentation
+      sequences.  Previously the input was not noted as being tainted; notably
+      this resulted in behaviour of LOGIN vs. PLAIN being inconsistent under
+      bad coding of authenticators.
+
+JH/39 Bug 3023: Fix crash induced by some combinations of zero-length strings
+      and ${tr...}.  Found and diagnosed by Heiko Schlichting.
+
+JH/40 Bug 2999: Fix a possible OOB write in the external authenticator, which
+      could be triggered by externally-supplied input.  Found by Trend Micro.
 
 
 Exim version 4.96